Download
| Alert*
oval:org.secpod.oval:def:1900531
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0allows remote attackers to cause denial of service via a crafted jpeg file. oval:org.secpod.oval:def:1901432 Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service . This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerabi ... oval:org.secpod.oval:def:1900417 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file. oval:org.secpod.oval:def:704363 Ubuntu 18.10 is installed oval:org.secpod.oval:def:1901137 Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1902121 In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. oval:org.secpod.oval:def:1901075 scripts/inspect_webbrowser.py in Reddit Terminal Viewer 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1900104 An Amazon Web Services developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon MachineImage from the ... oval:org.secpod.oval:def:704811 nvidia-graphics-drivers-390: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to expose sensitive information. oval:org.secpod.oval:def:1900016 ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.phpfilter[Query][terms][0][cnj] parameter. oval:org.secpod.oval:def:1900577 The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0allows remote attackers to cause a denial of service via a crafted jpeg file. oval:org.secpod.oval:def:1900835 Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. in the embedded layer data in an image. oval:org.secpod.oval:def:1900134 The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM . oval:org.secpod.oval:def:1900429 Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, orCAML_BYTE_CPLUGINS environment variable. oval:org.secpod.oval:def:1901828 An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those securit ... oval:org.secpod.oval:def:1900107 Some HTML emails can trick messagelib into opening a new browser window when displaying said email as HTML. Workaround: Do not enable "PreferHTML to plain text" in KMail settings. oval:org.secpod.oval:def:1900574 The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service via a crafted jpeg file. oval:org.secpod.oval:def:1902026 An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service via a malformed file. oval:org.secpod.oval:def:1900489 docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. oval:org.secpod.oval:def:1901946 treeRead in hdf/btree.c in libmysofa0 before 0.7 does not properly validate multiplications and additions. oval:org.secpod.oval:def:704495 gvfs: userspace virtual filesystem - GIO module GVfs could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:1900049 libcairo2-dev 1.16.0, in libcairo2-dev_ft_apply_variations in libcairo2-dev-ft-font.c, would free memory using a free function incompatible with WebKit"s fastMalloc, leading to an application crash with a "free: invalid pointer" error. oval:org.secpod.oval:def:1900424 OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." oval:org.secpod.oval:def:1901005 It was found that libwolfssl-dev before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. oval:org.secpod.oval:def:1900402 Red Hat JBoss EAP version 3.0.7 through 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component result ing in a moderate impact. oval:org.secpod.oval:def:1901306 Scrapy 1.4 allows remote attackers to cause a denial of service via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dat ... oval:org.secpod.oval:def:1901616 In libaubio-dev 0.4.6, a divide-by-zero error exists in the function new_libaubio-dev_source_wavread in source_wavread.c, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:1900112 An issue was discovered in sysstat 12.1.1. The remap_struct function insa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. oval:org.secpod.oval:def:1900158 An issue was discovered in sysstat 12.1.1. The remap_struct function insa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. oval:org.secpod.oval:def:1901467 The ff_h2645_extract_rbsp function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file. oval:org.secpod.oval:def:1900463 The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allow sremote attackers to cause denial of service via a crafted jpeg file. oval:org.secpod.oval:def:1900473 The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0allows remote attackers to cause a denial of service via a crafted jpeg file. oval:org.secpod.oval:def:1900668 getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service via crafted x86 assembly data, as demonstrated by rasm2. oval:org.secpod.oval:def:1900820 In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. oval:org.secpod.oval:def:1901348 An issue was discovered in regex.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP request to a value containing a long digit string oval:org.secpod.oval:def:54573 aria2: High speed command-line download utility aria2 stores authentication information in plain text. oval:org.secpod.oval:def:54264 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:1900060 libturbojpeg 2.0.1 has a heap-based buffer over-read in the put_pixel_rowsfunction in wrbmp.c, as demonstrated by djpeg. oval:org.secpod.oval:def:1901764 A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString method on an object even if not allowed by the security policy in place. oval:org.secpod.oval:def:1900133 A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. oval:org.secpod.oval:def:1900092 A heap corruption of type CWE-120 exists in quassel version 0.12.4 inquasselcore in void DataStreamPeer::processMessagedatastreampeer.cpp line 62 that allows an attacker to execute code remotely. oval:org.secpod.oval:def:54574 gnome-shell: graphical shell for the GNOME desktop GNOME Shell could be made to execute keyboard shortcuts and other actions while the workstation was locked. oval:org.secpod.oval:def:49228 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:1902124 SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service by leveraging the ability to run arbitrary SQL statements . oval:org.secpod.oval:def:1901956 The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted MPEG-4 video data. oval:org.secpod.oval:def:54575 ffmpeg: Tools for transcoding, streaming and playing of multimedia files FFmpeg could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:1901291 FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vu ... oval:org.secpod.oval:def:704994 exim4: Exim is a mail transport agent Exim could be made to run commands if it received specially crafted network traffic. oval:org.secpod.oval:def:54266 wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant and hostapd. oval:org.secpod.oval:def:704391 postgresql-10: Object-relational SQL database PostgreSQL could be made to run SQL statements as the administrator. oval:org.secpod.oval:def:1901074 An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. oval:org.secpod.oval:def:1901856 SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. oval:org.secpod.oval:def:1901829 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a quoted font family value. oval:org.secpod.oval:def:1901768 BWA before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. oval:org.secpod.oval:def:1901551 An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. oval:org.secpod.oval:def:1900688 An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. oval:org.secpod.oval:def:1901524 Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a "system" entrypoint from fbudf.so. oval:org.secpod.oval:def:1900207 phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. oval:org.secpod.oval:def:1900226 In libtag1-dev 1.11.1, the rebuildAggregateFrames function inid3v2frame factory.cpp has a pointer to cast vulnerability, which allow sremote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. oval:org.secpod.oval:def:1901350 Cross-site scripting vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. oval:org.secpod.oval:def:1901239 Telegram Desktop 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list. oval:org.secpod.oval:def:49185 systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ... oval:org.secpod.oval:def:49174 systemd: system and service manager Several security issues were fixed in systemd. oval:org.secpod.oval:def:1901169 An issue was discovered in libtskbase.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unm ... oval:org.secpod.oval:def:1900695 An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped me ... oval:org.secpod.oval:def:1901275 An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmappe ... oval:org.secpod.oval:def:1901068 An issue was discovered in libtskimg.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory caus ... oval:org.secpod.oval:def:1900047 okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive" in"core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. ... oval:org.secpod.oval:def:1902048 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. oval:org.secpod.oval:def:1901546 An attacker could send an email with a malicious link to an OTRS system or an agent. If a logged in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. oval:org.secpod.oval:def:704913 freeradius: high-performance and highly configurable RADIUS server FreeRADIUS could be made to bypass authentication if it received a specially crafted input. oval:org.secpod.oval:def:1901868 [eap-pwd: authentication bypass via an invalid curve attack] oval:org.secpod.oval:def:1901866 [eap-pwd: fake authentication using reflection] oval:org.secpod.oval:def:1901771 Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlli ... oval:org.secpod.oval:def:1902046 mis-handling of non-ASCII characters in guest comment fields oval:org.secpod.oval:def:1900008 It was discovered that the gnome-shell lock screen since version 3.15.91did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. oval:org.secpod.oval:def:1901445 In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. oval:org.secpod.oval:def:1901652 The Gluster file system through version 4.1.4 is vulnerable to abuse of the "features/index" translator. A remote attacker with access to mount volumes could exploit this via the "GF_XATTROP_ENTRY_IN_KEY" xattrop to create arbitrary, empty files on the target server. oval:org.secpod.oval:def:1901595 A flaw was found in glusterfs-common server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of gluster ... oval:org.secpod.oval:def:1900100 keepalived 2.0.8 didn"t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name , with read access for the attacker and write access for the keepalived process, then this pot ... oval:org.secpod.oval:def:1900121 keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. oval:org.secpod.oval:def:1900039 keepalived 2.0.8 didn"t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to0, as demonstrated by a symlink from /tmp/keepalived.data or/tmp/keepalived. ... oval:org.secpod.oval:def:704436 gnupg2: GNU privacy guard - a free PGP replacement GnuPG could allow unintended access to network services. oval:org.secpod.oval:def:1900082 The tjLoadImage function in libturbojpeg 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated bytjbench. oval:org.secpod.oval:def:1900012 An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. oval:org.secpod.oval:def:1900004 www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter.This affects other web sites in the same domain. oval:org.secpod.oval:def:1901244 An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the oval:org.secpod.oval:def:1901461 In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. oval:org.secpod.oval:def:1900917 An issue was discovered in GNU libcdio-dev before 2.0.0. There is a double free in get_cdtext_generic in lib/driver/_cdio_generic.c. oval:org.secpod.oval:def:68050 isc-dhcp: DHCP server and client DHCP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:1900024 Resource exhaustion via TCP connection to port serving the SSL endpoint oval:org.secpod.oval:def:55664 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:1901949 In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. oval:org.secpod.oval:def:50984 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:1901437 QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. oval:org.secpod.oval:def:1902013 Insecure permissions for systemd socket for virtlockd/virtlogd The virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode parameter and thus create a world accessible UNIX domain socket. Furthermore the code fails to validate the identity of clients connecting to these ... oval:org.secpod.oval:def:1900758 hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service in create_cq_ring or create_qp_rings. oval:org.secpod.oval:def:704851 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:1900087 A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying file system may have changed since the time lstat was called in usb_mtp_object_alloc, a classi ... oval:org.secpod.oval:def:1901301 QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked . oval:org.secpod.oval:def:1901101 hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. oval:org.secpod.oval:def:1900881 hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. oval:org.secpod.oval:def:1901190 An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was document ... oval:org.secpod.oval:def:1901390 GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage function in coders/png.c. oval:org.secpod.oval:def:1901729 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in ... oval:org.secpod.oval:def:1902110 The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. oval:org.secpod.oval:def:1902039 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn"t implement query_info_on_read/write. oval:org.secpod.oval:def:1902035 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file"s user and group ownership during move operations from admin:// to file:// URIs, because root privileges are unavailable. oval:org.secpod.oval:def:1902038 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. oval:org.secpod.oval:def:704924 memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:1901952 It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will b ... oval:org.secpod.oval:def:1901955 It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially differe ... oval:org.secpod.oval:def:704910 dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:1901889 assert in JSON encoder oval:org.secpod.oval:def:705818 wavpack: audio codec - encoder and decoder WavPack could be made to crash if it received a specially crafted file. oval:org.secpod.oval:def:704967 gnome-desktop3: Introspection data for GnomeDesktop gnome-desktop could be made to escape the thumbnailer sandbox. oval:org.secpod.oval:def:1901973 An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. oval:org.secpod.oval:def:1901974 An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. oval:org.secpod.oval:def:704953 libmediainfo: library reading metadata from media files MediaInfo could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:1901741 invalid pointer access upon receiving async handshake messages oval:org.secpod.oval:def:704976 gnutls28: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:1901759 [buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media] oval:org.secpod.oval:def:1901747 critical use after free vulnerability in verify_crt oval:org.secpod.oval:def:1900019 Stored DOM cross-site scripting attack via crafted URL oval:org.secpod.oval:def:704453 subversion: Advanced version control system Subversion could be made to crash if it received a specially crafted input. oval:org.secpod.oval:def:1900720 python3-slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having b ... oval:org.secpod.oval:def:1901872 etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name which matches a valid RBAC username a remote attacker ... oval:org.secpod.oval:def:1900733 FasterXML libjackson2-databind-java 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. oval:org.secpod.oval:def:1901136 FasterXML libjackson2-databind-java 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. oval:org.secpod.oval:def:1901329 FasterXML libjackson2-databind-java 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. oval:org.secpod.oval:def:1900675 hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation , which allows attackers to cause a denial of service . oval:org.secpod.oval:def:1901552 A flaw was found in qemu Media Transfer Protocol before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead d ... oval:org.secpod.oval:def:1900168 In the GNU C Library through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function. oval:org.secpod.oval:def:1900109 In The Sleuth Kit through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service . oval:org.secpod.oval:def:1901393 An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. oval:org.secpod.oval:def:1900938 A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df. oval:org.secpod.oval:def:1900869 The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed ... oval:org.secpod.oval:def:1900139 Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go1.10rc2 allow "go get" remote command execution during source code build,by leveraging the gcc or clang plugin feature, because -fplugin= and-plugin= arguments were not blocked. oval:org.secpod.oval:def:1901639 A NULL pointer dereference Vulnerability was found in the function libaubio-dev_source_avcodec_readframe in io/source_avcodec.c of libaubio-dev 0.4.6, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:1901731 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arb ... oval:org.secpod.oval:def:1901042 Multiple integer overflows in webp allows attackers to have unspecified impact via unknown vectors. oval:org.secpod.oval:def:704435 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:704403 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:704901 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:704496 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:704961 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:1901945 A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. oval:org.secpod.oval:def:1901388 The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of ... oval:org.secpod.oval:def:1901614 ChaCha20-Poly1305 with long nonces oval:org.secpod.oval:def:1900023 Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks. oval:org.secpod.oval:def:1900020 skins/classic/views/control cap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange]parameter. oval:org.secpod.oval:def:1900022 ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. oval:org.secpod.oval:def:1900027 python3-sqlalchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. oval:org.secpod.oval:def:1900028 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "". This could impact services that restrict the user"s filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable. oval:org.secpod.oval:def:1900001 An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server can overwrite arbitrary files in a directory on ... oval:org.secpod.oval:def:1900002 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server"s user can access. This is related to the mysql.allow_local_in file PHP config ... oval:org.secpod.oval:def:1900003 ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. oval:org.secpod.oval:def:1900000 In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. oval:org.secpod.oval:def:1900009 An issue was discovered in the function mark_beginning_as_normal in nfa.cin flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of "*" characters. Remote attackers could leverage this vul ... oval:org.secpod.oval:def:1900005 python3-sqlalchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. oval:org.secpod.oval:def:1900015 ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. oval:org.secpod.oval:def:1900011 SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. oval:org.secpod.oval:def:1900017 A Denial of Service issue was discovered in the LIVE555 Strealibming-dev Media libraries as used in Live555 Media Server 0.93. It can cause an RTSP Server crash in handle HTTPCmd_Tunneling POST, when RTSP-over-HTTP tunneling is supported, via x-session cookie HTTP headers in a GET request and a POST ... oval:org.secpod.oval:def:704500 gdm3: GNOME Display Manager GDM could give unauthorized access to a different user. oval:org.secpod.oval:def:1900103 Netwide Assembler 2.14rc15 has a buffer over-read in x86/regflags.c. oval:org.secpod.oval:def:1900106 Netwide Assembler 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. oval:org.secpod.oval:def:1900111 In libjs-dojo-core Toolkit before 1.14, there is unescaped string injection in libjs-dojo-corex/Grid/DataGrid. oval:org.secpod.oval:def:1900113 A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade an ... oval:org.secpod.oval:def:1900115 NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption of nasm when handling a crafted file due to function assemble_file at asm/nasm.c:482. vulnerability in function assemble_file at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appe ... oval:org.secpod.oval:def:1900118 Ceph does not properly sanitize encryption keys in debug logging for v4auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. oval:org.secpod.oval:def:1900141 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request. oval:org.secpod.oval:def:1900142 An exploitable code execution vulnerability exists in the HTTPpacket-parsing functionality of the LIVE555 RTSP server library version0.92. A specially crafted packet can cause a stack-based buffer overflow,result ing in code execution. An attacker can send a packet to trigger this vulnerability. oval:org.secpod.oval:def:1900148 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode,but not in m ... oval:org.secpod.oval:def:1900157 A bug in Bluez may allow for the Bluetooth Discoverable state being set toon when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. oval:org.secpod.oval:def:1900151 In libwpd-dev 0.10.2, there is a NULL pointer dereference in the functionWP6Content Listener::defineTable in WP6Content Listener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. oval:org.secpod.oval:def:1900128 bark_noise_hybridmp in psy.c in Xiph.Org libvorbis-dev 1.3.6 has a stack-based buffer over-read. oval:org.secpod.oval:def:1900135 Netwide Assembler before 2.13.02 has a use-after-free in detoken atasm/preproc.c. oval:org.secpod.oval:def:1900132 Netwide Assembler 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a global line no integer overflow. oval:org.secpod.oval:def:1900067 An issue was discovered in GEGL through 0.3.32. Thegegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in ... oval:org.secpod.oval:def:1900069 Netwide Assembler 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. oval:org.secpod.oval:def:1900064 An issue was discovered in zziplib-bin 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:1900062 The caml_ba_deserialize function in byterun/big array.c in the standardlibrary in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafte ... oval:org.secpod.oval:def:1900075 An issue was discovered in login 4.5. new gidmap is setuid and allows an unprivileged user to be placed in a user namespace where setgroups is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator h ... oval:org.secpod.oval:def:1900074 The html package through 2018-09-25 in Go mishandles<table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. oval:org.secpod.oval:def:1900072 nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file. oval:org.secpod.oval:def:1900046 Netwide Assembler 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $and ! characters. oval:org.secpod.oval:def:1900045 Netwide Assembler 2.14rc15 has an invalid memory write in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. oval:org.secpod.oval:def:1900043 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces . Specifically, it is only vulnerable in GOPATH mode, but not in module mode . The attacker can cause an ar ... oval:org.secpod.oval:def:1900056 There is an illegal address access at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service because a certain conversion can result in a negative integer. oval:org.secpod.oval:def:1900059 GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure vulnerability in DNS resolver that can result in PrivateDNS queries leaked to local network"s DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages we refixed, but later u ... oval:org.secpod.oval:def:1900053 There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps-dev through 0.3.0because it does not reject negative return values from ag_input_stream_read call. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900054 An issue was discovered in GEGL through 0.3.32. Thegegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to thebabl_format ... oval:org.secpod.oval:def:1900051 An issue was discovered in zziplib-bin through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:1900089 mapping0_forward in mapping0.c in Xiph.Org libvorbis-dev 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900086 Open Chinese Convert 1.0.5 allows attackers to cause a denial of service because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file. oval:org.secpod.oval:def:1900081 asm/labels.c in Netwide Assembler is prone to NULL PointerDereference, which allows the attacker to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900094 A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. oval:org.secpod.oval:def:1900034 Netwide Assembler 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. oval:org.secpod.oval:def:1900030 The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are ... oval:org.secpod.oval:def:1900032 Netwide Assembler 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. oval:org.secpod.oval:def:1900167 The DGifDecompressLine function in dgif_lib.c in libgif-dev , as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900166 Directory traversal vulnerability in zziplib-bin 0.13.69 allows attackers to overwrite arbitrary files via a .. in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. oval:org.secpod.oval:def:1900169 The libaudiofile-dev Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. oval:org.secpod.oval:def:1900162 Netwide Assembler 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. oval:org.secpod.oval:def:1900164 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before1. ... oval:org.secpod.oval:def:1900178 In ncurses-bin 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1900173 The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional , which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. oval:org.secpod.oval:def:1900176 In ncurses-bin 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1900171 A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. oval:org.secpod.oval:def:1900321 XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. oval:org.secpod.oval:def:1900323 It was discovered that libxdmcp6 before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to bruteforce the key, allowing them to hijack other users" sessions. oval:org.secpod.oval:def:1900327 ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. oval:org.secpod.oval:def:1900300 In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brunfunction in plug-ins/file-fli/fli.c. oval:org.secpod.oval:def:1900307 The function d2ulaw_array in ulaw.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14246. oval:org.secpod.oval:def:1900302 In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. oval:org.secpod.oval:def:1900304 In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. oval:org.secpod.oval:def:1900310 In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c via an unexpected bits-per-pixel value for an RGBA image. oval:org.secpod.oval:def:1900312 In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. oval:org.secpod.oval:def:1900311 The swri_audio_convert function in audio convert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, libaubio-dev 0.4.6, and other products,allows remote attackers to cause a denial of service via a crafted audio file. oval:org.secpod.oval:def:1900317 In python-yaml before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used. oval:org.secpod.oval:def:1900286 A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadBytefunction of the gifread.c file. oval:org.secpod.oval:def:1900282 In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 , if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application rootfolder to a file of choice and querying passenger-status --show=xml. oval:org.secpod.oval:def:1900225 The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900228 Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. oval:org.secpod.oval:def:1900227 The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900232 The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900235 There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses-bin 6.0 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900234 There is an infinite loop in the next_char function in comp_scan.c in ncurses-bin 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900230 There is a stack consumption issue in libsass-dev 3.4.5 that is triggered in the function Sass::Eval::operator in eval.cpp. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900239 There is an illegal address access in the function _nc_read_entry_source in progs/tic.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900202 There is an illegal address access in ast.cpp of libsass-dev 3.4.5. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900201 The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: CPU consumption might be relevant when using the--background option. oval:org.secpod.oval:def:1900209 There is a heap based buffer over-read in lexer.hpp of libsass-dev 3.4.5. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900204 An out-of-bounds read and write flaw was found in the way SIPcrack 0.2processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic. oval:org.secpod.oval:def:1900203 The _tokenize_matrix function in audio_out.c in Xiph.Org libao-dev 1.2.0 allow sremote attackers to cause a denial of service via a crafted MP3 file. oval:org.secpod.oval:def:1900205 FontForge 20161012 is vulnerable to a buffer over-read in umodenc resulting in DoS or code execution via a crafted otf file. oval:org.secpod.oval:def:1900210 A memory leak was found in the way SIPcrack 0.2 handled processing of SIPtraffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. oval:org.secpod.oval:def:1900213 The SdpContents::Session::Medium::parse function inresip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service by triggering many media connections. oval:org.secpod.oval:def:1900212 FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName resulting in DoS or code execution via a crafted otf file. oval:org.secpod.oval:def:1900217 The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900216 The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900262 The _zip_read_eocd64 function in zip_open.c in libzip-dev before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service via a crafted ZIP archive. oval:org.secpod.oval:def:1900277 Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 oval:org.secpod.oval:def:1900270 RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service via crafted RTP packets. oval:org.secpod.oval:def:1900244 There is an illegal address access in the function post process_termcap in parse_entry.c in ncurses-bin 6.0 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900246 There is an illegal address access in the function dump_uses in progs/dump_entry.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900245 There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses-bin 6.0. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900240 There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900252 The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis-dev 1.3.5allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file. oval:org.secpod.oval:def:1900189 Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CASserver. oval:org.secpod.oval:def:1900188 The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relyi ... oval:org.secpod.oval:def:1900185 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service via a file that begins with many "\0"characters. oval:org.secpod.oval:def:1900196 The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allow sremote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option. oval:org.secpod.oval:def:1900195 yadm 1.10.0 has a race condition , which potentially allows access to SSH and PGP keys. oval:org.secpod.oval:def:1900191 In ncurses-bin 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. oval:org.secpod.oval:def:1900194 The resample_gauss function in resample.c in TiMidity++ 2.14.0 allow sremote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the--background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation. oval:org.secpod.oval:def:1900193 In ncurses-bin 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. oval:org.secpod.oval:def:1900342 The gst_asf_demux_process_ext_content_desc function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service via vectors involving extended content descriptors. oval:org.secpod.oval:def:1900354 In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900355 In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900385 In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email addr ... oval:org.secpod.oval:def:1900398 The TNEFFillMapi function in lib/ytnef.c in libytnef0 in ytnef through 1.9.2does not ensure a nonzero count value before a certain memory allocation,which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted tnef file. oval:org.secpod.oval:def:1900392 PoDoFo 0.9.5 allows denial of service via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure . oval:org.secpod.oval:def:1900366 In libsamplerate0-dev before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. oval:org.secpod.oval:def:1900361 It was found that a mock CMC authentication plugin with a hard coded secret was accidentally enabled by default in the pki-core package before 10.6.4.An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. oval:org.secpod.oval:def:1900363 The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. oval:org.secpod.oval:def:1900378 In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900372 The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while read ing section contents in a corrupt binary, leading to a program crash. oval:org.secpod.oval:def:1900371 In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900373 The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file. oval:org.secpod.oval:def:1900507 Apache libtika-java before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity attacks via vectors involving spreadsheets in OOXML files and XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175 ... oval:org.secpod.oval:def:1900512 Buffer underflow in X.org libxvmc-dev before 1.0.10 allows remote X servers to have unspecified impact via an empty string. oval:org.secpod.oval:def:1900508 The icaltime_from_string function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted string to the icalparser_parse_string function. oval:org.secpod.oval:def:1900522 The icalparser_parse_string function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file. oval:org.secpod.oval:def:1900461 The parser_get_next_char function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service by crafting a string to the icalparser_parse_string function. oval:org.secpod.oval:def:1900477 xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability ... oval:org.secpod.oval:def:1900472 Integer overflow in X.org libxfixes-dev before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX,which triggers the client to stop read ing data and get out of sync. oval:org.secpod.oval:def:1900442 The dex_load code function in libr/bin/p/bin_dex.c in radare2 1.2.1 allow sremote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:1900444 WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header,which could potentially lead to clickjacking. oval:org.secpod.oval:def:1900455 libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript,has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash when parsing an invalid file. oval:org.secpod.oval:def:1900450 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900458 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. oval:org.secpod.oval:def:1900497 Cross-site scripting vulnerability in flash/Flashlibjs-mediaelement.as in libjs-mediaelement.js before 2.21.0, as used in WordPress before 4.5.2, allow sremote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by"jsinitfunctio%gn ... oval:org.secpod.oval:def:1900422 The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698. oval:org.secpod.oval:def:1900427 Stack-based buffer overflow in the libpcre3-dev2_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900423 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1allows remote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:1900425 Memory leak in the vcard_apdu_new function in card_7816.c in libcacard0before 2.5.3 allows local guest OS users to cause a denial of service via vectors related to allocating a new APDU object. oval:org.secpod.oval:def:1900430 In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user"s preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit th ... oval:org.secpod.oval:def:1900405 objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads while handling corrupt STABS enum typestrings in a crafted object file, leading to program crash. oval:org.secpod.oval:def:1900413 Stack-based buffer overflow in the libpcre3-dev2_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900412 The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900569 The XvQueryAdaptors and XvQueryEncodings functions in X.org libxv-dev before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. oval:org.secpod.oval:def:1900573 X.org libxi-dev before 1.7.7 allows remote X servers to cause a denial of service via vectors involving length fields. oval:org.secpod.oval:def:1900579 The icalproperty_new_clone function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted icsfile. oval:org.secpod.oval:def:1900747 In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. oval:org.secpod.oval:def:1900746 GNOME Web 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. oval:org.secpod.oval:def:1900759 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. oval:org.secpod.oval:def:1900754 The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1900753 The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. oval:org.secpod.oval:def:1900756 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none. oval:org.secpod.oval:def:1900719 In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream in sass_context.cpp. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900732 An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. oval:org.secpod.oval:def:1900786 In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900556 Tilibming-dev attack vulnerability oval:org.secpod.oval:def:1900797 readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. oval:org.secpod.oval:def:1900799 The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1900762 The elf_object_p function in elfcode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service or possibly have unspecif ... oval:org.secpod.oval:def:1900765 WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image c ... oval:org.secpod.oval:def:1900767 There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. oval:org.secpod.oval:def:1900772 Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot"s AES-CBC encryption feature using environment encryption read environment variables from disk as the encrypted disk image is processed. An attacker with physical access ... oval:org.secpod.oval:def:1900771 In libquicktime-dev 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900774 An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op is due to a failure to check a pointer for being in bounds . oval:org.secpod.oval:def:1900779 A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. oval:org.secpod.oval:def:1900715 A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. oval:org.secpod.oval:def:1900710 Prevent a MITM from forcing a NULL cipher for UDP oval:org.secpod.oval:def:1900711 GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service , related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. oval:org.secpod.oval:def:1900707 An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. oval:org.secpod.oval:def:1900709 There is a stack consumption vulnerability in the lex function in parser.hpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. oval:org.secpod.oval:def:1900684 In Apache Tika 1.19 , we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. ... oval:org.secpod.oval:def:1900697 An issue was discovered in liburiparser1 before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. oval:org.secpod.oval:def:1900699 etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. oval:org.secpod.oval:def:1900662 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. oval:org.secpod.oval:def:1900666 The spice-client-gtk widget allows remote authenticated users to obtain information from the host clipboard. oval:org.secpod.oval:def:1900672 There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900674 libical-dev allows remote attackers to cause a denial of service and possibly read heap memory via a crafted ics file. oval:org.secpod.oval:def:1900670 An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service upon allocation failure. oval:org.secpod.oval:def:1900821 In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900831 bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_ ... oval:org.secpod.oval:def:1900815 In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. oval:org.secpod.oval:def:1901003 The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1900980 Async Http Client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a "?" character occurs in a fragment identifier. Similar bugs were previously identified in cURL and Oracle Java 8 java.net.URL. oval:org.secpod.oval:def:1900982 opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1900984 In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn"t stop when it should after no match is found; inste ... oval:org.secpod.oval:def:1900987 phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. oval:org.secpod.oval:def:1900994 The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900998 A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. oval:org.secpod.oval:def:1900960 The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. oval:org.secpod.oval:def:1900974 In the GNU C Library through 2.29, the memcmp function for the x32 architecture can incorrectly return zero because the RDX most significant bit is mishandled. oval:org.secpod.oval:def:1900976 cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. oval:org.secpod.oval:def:1900901 The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. oval:org.secpod.oval:def:1900900 opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1900913 Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. oval:org.secpod.oval:def:1900905 In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. oval:org.secpod.oval:def:1900907 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. oval:org.secpod.oval:def:1900939 There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. oval:org.secpod.oval:def:1900925 The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service via a crafted Web Assembly file. oval:org.secpod.oval:def:1900916 The decode_residual function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file. oval:org.secpod.oval:def:1900918 dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on ... oval:org.secpod.oval:def:1900927 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. oval:org.secpod.oval:def:1900868 HTTPoxy oval:org.secpod.oval:def:1900867 rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. oval:org.secpod.oval:def:1900864 unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service , which could be relevant if unrarlib is used as library code for a long-running application. oval:org.secpod.oval:def:1900873 The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "o ... oval:org.secpod.oval:def:1900874 It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the "System: Read Stage Users" permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclo ... oval:org.secpod.oval:def:1900877 Multiple buffer overflows in the XvQueryAdaptors and XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. oval:org.secpod.oval:def:1900876 An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not norm ... oval:org.secpod.oval:def:1900852 Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. oval:org.secpod.oval:def:1900889 In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. oval:org.secpod.oval:def:1900886 SimpleXML is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. oval:org.secpod.oval:def:1900899 GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow while attempting to unget an EOF character from the input stream, potentially leading to a program crash. oval:org.secpod.oval:def:1901037 An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. oval:org.secpod.oval:def:1901034 ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. oval:org.secpod.oval:def:1901047 In Moodle 3.3, the course overview block reveals activities in hidden courses. oval:org.secpod.oval:def:1901014 The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. oval:org.secpod.oval:def:1901010 In Moodle 3.x, course creators are able to change system default settings for courses. oval:org.secpod.oval:def:1901011 An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service upon allocation failure. oval:org.secpod.oval:def:1901025 There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor"s CVE-2017-11555 fix . oval:org.secpod.oval:def:1901029 The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to decrypt hashed passwords by leveraging knowledge of client registration codes or gain login access by eavesdropping on login messages and re-using the hashed passwords. oval:org.secpod.oval:def:704925 python-gnupg: Python wrapper for the GNU Privacy Guard Several security issues were fixed in python-gnupg oval:org.secpod.oval:def:1901200 rsyslog librelp0 version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by se ... oval:org.secpod.oval:def:1901207 The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901236 In SWFTools, a memcpy buffer overflow was found in swfc. oval:org.secpod.oval:def:1901243 FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fix ... oval:org.secpod.oval:def:1901214 In libquicktime-dev 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901213 In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901218 U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. oval:org.secpod.oval:def:1901222 examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901152 In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. oval:org.secpod.oval:def:1901164 OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c oval:org.secpod.oval:def:1901133 lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901132 An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read. oval:org.secpod.oval:def:1901142 X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. oval:org.secpod.oval:def:1901144 backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901143 There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. Th ... oval:org.secpod.oval:def:1901196 In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. oval:org.secpod.oval:def:1901195 liblibvips-dev before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory. oval:org.secpod.oval:def:1901175 Moodle 3.x has user fullname disclosure on the user preferences page. oval:org.secpod.oval:def:1901174 Cross-site scripting vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NO ... oval:org.secpod.oval:def:1901184 libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule that is mishandled in the yr_re_exec function. oval:org.secpod.oval:def:1900469 Arbitrary File Write oval:org.secpod.oval:def:1901111 The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability. oval:org.secpod.oval:def:1901125 libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901103 Docker Engine before 18.09 allows attackers to cause a denial of service via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. oval:org.secpod.oval:def:1901092 In Apache libuima-core-java prior to 2.10.2, Apache libuima-core-java 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion capability of various XML parsers. UIMA ... oval:org.secpod.oval:def:1901273 The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. oval:org.secpod.oval:def:1901255 The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. oval:org.secpod.oval:def:1901254 In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. oval:org.secpod.oval:def:1901073 tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. oval:org.secpod.oval:def:1901070 The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. oval:org.secpod.oval:def:1901087 [improper input validation in gnupg.GPG.encrypt and gnupg.GPG.decrypt] oval:org.secpod.oval:def:1901082 There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901080 The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901056 The authentication protocol allows an oracle attack that could potentially be exploited. oval:org.secpod.oval:def:1901069 FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially c ... oval:org.secpod.oval:def:1901062 In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901431 readelf in GNU Binutils 2.28 has a use-after-free error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. oval:org.secpod.oval:def:1901433 In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. oval:org.secpod.oval:def:1901430 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. oval:org.secpod.oval:def:1901442 The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during " ... oval:org.secpod.oval:def:1901446 Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot"s use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt th ... oval:org.secpod.oval:def:1901448 The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write while disassembling a corrupt binary that contains an empty function name, leading to a program crash. oval:org.secpod.oval:def:1901410 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. oval:org.secpod.oval:def:1901419 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. oval:org.secpod.oval:def:1901416 Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp1 library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet. oval:org.secpod.oval:def:1901420 In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. oval:org.secpod.oval:def:1901422 In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. oval:org.secpod.oval:def:1901429 The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file dur ... oval:org.secpod.oval:def:1901425 In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can"t access. oval:org.secpod.oval:def:1901426 guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901476 Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp1 library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet. oval:org.secpod.oval:def:1901474 An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user"s valid phpMyAdmin token. All 4.0.x versions are affected. oval:org.secpod.oval:def:1901489 There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. oval:org.secpod.oval:def:1901483 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow attackers to conduct external XML entity attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. oval:org.secpod.oval:def:1901480 GNU linker in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of "\0" termination of a name field in ldlex.l. oval:org.secpod.oval:def:1901450 X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service via a reply in the XRecordStartOfData, XRecordEndOfData, or XRecordClientDied category without a client sequence and with attached data. oval:org.secpod.oval:def:1901459 In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. oval:org.secpod.oval:def:1901460 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule. oval:org.secpod.oval:def:1901463 JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. oval:org.secpod.oval:def:1901401 It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. oval:org.secpod.oval:def:1901399 tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. oval:org.secpod.oval:def:1901398 The pe_ILF_object_p function in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and ... oval:org.secpod.oval:def:1901371 In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901370 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. oval:org.secpod.oval:def:1901387 XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. oval:org.secpod.oval:def:1901389 readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. oval:org.secpod.oval:def:1901311 In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. oval:org.secpod.oval:def:1901324 An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the "&" character is mishandled in certain contexts. oval:org.secpod.oval:def:1901325 slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, a ... oval:org.secpod.oval:def:1901530 libcgroup1 up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. oval:org.secpod.oval:def:1901532 readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. oval:org.secpod.oval:def:1901538 liblivemedia-dev in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash or possibly have unspecified other impact. oval:org.secpod.oval:def:1901534 uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. oval:org.secpod.oval:def:1901542 The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this fi ... oval:org.secpod.oval:def:1901307 DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. oval:org.secpod.oval:def:1901356 The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c ... oval:org.secpod.oval:def:1901359 An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. oval:org.secpod.oval:def:1901365 GNU Debugger 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. oval:org.secpod.oval:def:1901368 The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1901364 The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service via an empty field that should have contained a hostname or IP address. oval:org.secpod.oval:def:1901363 Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. oval:org.secpod.oval:def:1901360 The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1901333 In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901334 base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901344 The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901345 In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no "\0" character after the version string. oval:org.secpod.oval:def:1901340 batteriesConfig.mlp in OCaml Batteries Included 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901341 An accessibility flaw was found in the OpenStack Workflow service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. oval:org.secpod.oval:def:1901349 A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. oval:org.secpod.oval:def:1901517 Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. oval:org.secpod.oval:def:1901516 In Moodle 3.x, there is XSS in the assignment submission page. oval:org.secpod.oval:def:1901529 The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901523 Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service via vectors involving length fields. oval:org.secpod.oval:def:1901279 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. oval:org.secpod.oval:def:1901288 Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp1 library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets. oval:org.secpod.oval:def:1901287 In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. oval:org.secpod.oval:def:1901286 DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. oval:org.secpod.oval:def:1901281 i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is n ... oval:org.secpod.oval:def:1901491 The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" c ... oval:org.secpod.oval:def:1901298 Cross-site request forgery vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. oval:org.secpod.oval:def:1901670 Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. oval:org.secpod.oval:def:1901682 A cross site scripting vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts ... oval:org.secpod.oval:def:1901689 In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PNG file. oval:org.secpod.oval:def:1901653 SQL injection in multiple remote calls oval:org.secpod.oval:def:1901650 A flaw was found in RPC request using gfs2_create_req in glusterfs-common server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs-common server nodes. oval:org.secpod.oval:def:1901664 In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity attacks, as demonstrated by /ServerView. oval:org.secpod.oval:def:1901660 A cross site scripting vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/ht ... oval:org.secpod.oval:def:1901696 gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service via a crafted web site, as demonstrated by GNOME Web . oval:org.secpod.oval:def:1901691 In SWFTools, a stack overflow was found in pdf2swf. oval:org.secpod.oval:def:1901694 When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load function in lib/png.c. oval:org.secpod.oval:def:1901600 Remote code execution in lspci_process oval:org.secpod.oval:def:1901638 A flaw was found in RPC request using gfs3_rename_req in glusterfs-common server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. oval:org.secpod.oval:def:1901637 The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial o ... oval:org.secpod.oval:def:1901635 A flaw was found in RPC request using gfs3_symlink_req in glusterfs-common server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary c ... oval:org.secpod.oval:def:1901640 The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the "GF_XATTR_IOSTATS_DUMP_KEY" xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling "setxattr" to trigger a state dump and create ... oval:org.secpod.oval:def:1901643 The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901649 An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerab ... oval:org.secpod.oval:def:1901645 A flaw was found in RPC request using gfs3_lookup_req in glusterfs-common server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. oval:org.secpod.oval:def:1901647 DoS in process_demand_active oval:org.secpod.oval:def:1901618 It was found that usage of snprintf function in feature/locks translator of glusterfs-common server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. oval:org.secpod.oval:def:1901611 DoS in sec_parse_crypt_info and in sec_recv oval:org.secpod.oval:def:1901621 FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provide ... oval:org.secpod.oval:def:1901629 rbenv is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution oval:org.secpod.oval:def:1901619 It was found that glusterfs-common server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient ... oval:org.secpod.oval:def:1901558 the web framework using ljharb"s qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash. oval:org.secpod.oval:def:1901568 An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata is due to a failure to check a pointer for being in bounds and a failure in a check in dwarf_attr_list. oval:org.secpod.oval:def:1901773 In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. oval:org.secpod.oval:def:1901782 Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 . Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. oval:org.secpod.oval:def:1901788 mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service via a crafted MP3 file. oval:org.secpod.oval:def:1901597 It was found that an attacker could issue a xattr request via glusterfs-common FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. oval:org.secpod.oval:def:1901596 The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the "__server_getspec" function via the "gf_getspec_req" RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. oval:org.secpod.oval:def:1901599 It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs-common server node ... oval:org.secpod.oval:def:1901592 Major information leak in ui_clip_handle_data oval:org.secpod.oval:def:1901594 It was found that the "mknod" call derived from mknod can create files pointing to devices on a glusterfs-common server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs-common server node. oval:org.secpod.oval:def:1901591 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs-common server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs-common server node. oval:org.secpod.oval:def:1901574 An information disclosure vulnerability was discovered in glusterfs-common server. An attacker could issue a xattr request via glusterfs-common FUSE to determine the existence of any file. oval:org.secpod.oval:def:1901577 The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901571 The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901579 A flaw was found in the way dic_unserialize function of glusterfs-common does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. oval:org.secpod.oval:def:1901587 Memory corruption in rdp_in_unistr oval:org.secpod.oval:def:1901581 DoS in mcs_recv_connect_response and in mcs_parse_domain_params oval:org.secpod.oval:def:1901584 It was found that glusterfs-common server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using "alloca". An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed bu ... oval:org.secpod.oval:def:1901580 Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1(POI bugs 61338 and 61294 oval:org.secpod.oval:def:1901715 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d." oval:org.secpod.oval:def:1901714 When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup function in lib/q.c. oval:org.secpod.oval:def:1901717 In SWFTools, an address access exception was found in swfdump swf_GetBits. oval:org.secpod.oval:def:1901716 In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. oval:org.secpod.oval:def:1901710 The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer ... oval:org.secpod.oval:def:1901712 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00000000_00400000+0x000000000001b72a." oval:org.secpod.oval:def:1901707 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe." oval:org.secpod.oval:def:1901726 In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service via a crafted WAV file. oval:org.secpod.oval:def:1901725 When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite function in lib/rxfswf.c. oval:org.secpod.oval:def:1901727 The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by s ... oval:org.secpod.oval:def:1901722 The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901721 In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF oval:org.secpod.oval:def:1901724 SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero. oval:org.secpod.oval:def:1901723 SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS . oval:org.secpod.oval:def:1901719 In SWFTools, a memcpy buffer overflow was found in gif2swf. oval:org.secpod.oval:def:1901718 When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter function in lib/modules/swffilter.c. oval:org.secpod.oval:def:1901704 When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono function in lib/wav.c. oval:org.secpod.oval:def:1901706 When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate function in lib/modules/swftools.c. oval:org.secpod.oval:def:1901705 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b596." oval:org.secpod.oval:def:1901701 In SWFTools, a memory leak was found in wav2swf. oval:org.secpod.oval:def:1901751 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. oval:org.secpod.oval:def:1901750 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability can access other users" Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging ... oval:org.secpod.oval:def:1901752 An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. oval:org.secpod.oval:def:1901757 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. oval:org.secpod.oval:def:1901763 In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. oval:org.secpod.oval:def:1901769 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. oval:org.secpod.oval:def:1901733 Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. oval:org.secpod.oval:def:1901740 A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities oval:org.secpod.oval:def:1901749 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. oval:org.secpod.oval:def:1901746 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly . Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploit ... oval:org.secpod.oval:def:1901896 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453. oval:org.secpod.oval:def:1901892 A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs. oval:org.secpod.oval:def:1901897 An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. oval:org.secpod.oval:def:704909 pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker. oval:org.secpod.oval:def:704904 znc: advanced modular IRC bouncer ZNC could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1901838 The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. oval:org.secpod.oval:def:1901834 Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. oval:org.secpod.oval:def:1901840 library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901809 ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service via invalid encoding. oval:org.secpod.oval:def:1901825 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. oval:org.secpod.oval:def:1901827 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. oval:org.secpod.oval:def:1901826 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. oval:org.secpod.oval:def:1901821 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. oval:org.secpod.oval:def:1901820 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. oval:org.secpod.oval:def:1901823 FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. oval:org.secpod.oval:def:1901819 In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS. oval:org.secpod.oval:def:1901873 DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost and trick the browser into sending requests to localhost . oval:org.secpod.oval:def:1901876 In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. oval:org.secpod.oval:def:1901875 In GraphicsMagick 1.4 snapshot-20181209 Q8 there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specific ... oval:org.secpod.oval:def:1901878 A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe but POST allows creating in-order keys that an attacker can send. oval:org.secpod.oval:def:1901882 stb stb_image.h 2.19 as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. oval:org.secpod.oval:def:1901861 Hard coded domain name in example web service named StockQuoteService.jws leading to remote code execution oval:org.secpod.oval:def:1901862 In HDF5 1.10.1 there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901869 In GraphicsMagick 1.3.31 the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping , and therefore lacks indexes initialization. oval:org.secpod.oval:def:1901864 In HDF5 1.10.1 there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1902087 A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of se ... oval:org.secpod.oval:def:1902083 A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF a ... oval:org.secpod.oval:def:1902080 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1902082 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated ... oval:org.secpod.oval:def:1902081 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1902090 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. oval:org.secpod.oval:def:1902093 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. oval:org.secpod.oval:def:1902065 binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be ex ... oval:org.secpod.oval:def:1902067 load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. oval:org.secpod.oval:def:1902077 finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. oval:org.secpod.oval:def:1902078 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. oval:org.secpod.oval:def:1902073 The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service , as demonstrated by nm. oval:org.secpod.oval:def:1902074 A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. oval:org.secpod.oval:def:1902071 An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote atta ... oval:org.secpod.oval:def:1902005 snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir to the current working directory of the calling user, aka a "cwd restore permission bypass." oval:org.secpod.oval:def:1902017 OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. oval:org.secpod.oval:def:1902016 Unrestricted file upload in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. oval:org.secpod.oval:def:1902010 It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. oval:org.secpod.oval:def:1902019 OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec call in the PHP code. Authentication is needed in order to exploit this vulnerability ... oval:org.secpod.oval:def:1902018 OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. oval:org.secpod.oval:def:1902047 An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. oval:org.secpod.oval:def:1902042 In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. oval:org.secpod.oval:def:1902059 An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote ... oval:org.secpod.oval:def:1902055 Yubico libpam-u2f 1.0.7 attempts parsing of the configured authfile as root , and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be ... oval:org.secpod.oval:def:1902051 In Yubico libpam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it ... oval:org.secpod.oval:def:1902053 An issue was discovered in phpMyAdmin before 4.8.6. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. oval:org.secpod.oval:def:1902052 An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim"s phpMyAdmin database, and the attacker can ... oval:org.secpod.oval:def:1902025 The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service , as demonstrated by SoundStretch. oval:org.secpod.oval:def:1902029 libsoundtouch-dev version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock that can result in arbitrary code execution. This attack appear to be exploitable via victim must open malicious file in soundstretch utility. oval:org.secpod.oval:def:1902033 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch. oval:org.secpod.oval:def:1902032 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch. oval:org.secpod.oval:def:1902031 Capstone 3.0.4 has an out-of-bounds vulnerability in X86_insn_reg_intel in arch/X86/X86Mapping.c. oval:org.secpod.oval:def:1901951 aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. oval:org.secpod.oval:def:1901959 Byobu Apport hook may disclose sensitive information since it automatically uploads the local user"s .screenrc which may contain private hostnames, usernames and passwords. oval:org.secpod.oval:def:1901954 Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are bui ... oval:org.secpod.oval:def:1901961 A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial"s path-checking logic and write files outside a repository. oval:org.secpod.oval:def:1901935 Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. oval:org.secpod.oval:def:1901937 TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/ ... oval:org.secpod.oval:def:1901936 Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. oval:org.secpod.oval:def:1901942 Vulnerability in the MySQL Workbench component of Oracle MySQL . Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulner ... oval:org.secpod.oval:def:1901941 gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs. oval:org.secpod.oval:def:1901939 Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension. oval:org.secpod.oval:def:1901938 Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonR ... oval:org.secpod.oval:def:1901993 systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE check is mishandled. oval:org.secpod.oval:def:1901970 An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. oval:org.secpod.oval:def:1901978 cleartext message spoofing oval:org.secpod.oval:def:1901981 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. oval:org.secpod.oval:def:1901980 An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter ... oval:org.secpod.oval:def:1901900 hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. oval:org.secpod.oval:def:1902126 libqb-dev before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames without O_EXCL. oval:org.secpod.oval:def:1902116 Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service . The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list ... oval:org.secpod.oval:def:1902119 In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 ... oval:org.secpod.oval:def:704933 monit: utility for monitoring and managing daemons or similar programs Several security issues were fixed in Monit oval:org.secpod.oval:def:1900533 The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. oval:org.secpod.oval:def:1900095 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messingup terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, . oval:org.secpod.oval:def:1900174 In the cron package through 3.0pl1-128 on Debian, and through3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. oval:org.secpod.oval:def:1900353 libexif-dev through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif-dev/exif-data.c caused by improper length computation of the allocated data of an ExifMnoteentry which can cause denial-of-service or possibly information disclosure. oval:org.secpod.oval:def:1901457 The flv_write_packet function in libav-toolsformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure. oval:org.secpod.oval:def:50269 scp client spoofing via stderr oval:org.secpod.oval:def:1900131 Directory Traversal with ../ sequences occurs in AccountsService before0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb in user.c. oval:org.secpod.oval:def:50278 irssi: terminal based IRC client Irssi could be made to crash or execute arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:50279 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:1901604 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exis ... oval:org.secpod.oval:def:1901884 A flaw was found in the way pacemaker"s client-server authentication was implemented. A local attacker could use this flaw and combine it with other IPC weaknesses, to achieve local privilege escalation. oval:org.secpod.oval:def:1901881 A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS oval:org.secpod.oval:def:49675 perl: Practical Extraction and Report Language Several security issues were fixed in Perl. oval:org.secpod.oval:def:1900520 A vulnerability was found in libexif-dev. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service and Information Disclosure . oval:org.secpod.oval:def:1901612 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed ... oval:org.secpod.oval:def:68046 libapache2-mod-perl2: Integration of perl with the Apache2 web server mod_perl could be made to run programs contrary to expectations. oval:org.secpod.oval:def:68049 freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP. oval:org.secpod.oval:def:48685 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704414 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704873 busybox: Tiny utilities for small and embedded systems Several security issues were fixed in BusyBox. oval:org.secpod.oval:def:1900055 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. oval:org.secpod.oval:def:1902054 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables. oval:org.secpod.oval:def:1902050 Modelines allow arbitrary code execution by opening a specially crafted text file oval:org.secpod.oval:def:1902022 FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress and results in a memory corruption and probably even a remote code execution. oval:org.secpod.oval:def:1902021 FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update and results in a memory corruption and probably even a remote code execution. oval:org.secpod.oval:def:1902023 FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service . oval:org.secpod.oval:def:1902020 FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode that results in a memory corruption and possibly even a remote code execution. oval:org.secpod.oval:def:1900466 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service via a crafted MSDOS partition table with an extended partition boot record at zero offset. oval:org.secpod.oval:def:1900470 run user in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal"s input buffer. oval:org.secpod.oval:def:1900453 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function inImfHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:1900214 In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution;it may result in denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900031 Squid before 4.4, when SNMP is enabled, allows a denial of service via an SNMP packet. oval:org.secpod.oval:def:1901585 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option in networking/udhcp/common.c that 4-byte options a ... oval:org.secpod.oval:def:1901950 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. oval:org.secpod.oval:def:1901957 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. oval:org.secpod.oval:def:1901960 The EAP-pwd implementation in hostapd before 2.8 and wpasupplicant_supplicant before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference . This affects ea ... oval:org.secpod.oval:def:1901720 get_8bit_row in rdbmp.c in libturbojpeg through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. oval:org.secpod.oval:def:50337 Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a la ... oval:org.secpod.oval:def:50590 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. oval:org.secpod.oval:def:50589 runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. oval:org.secpod.oval:def:1901948 An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. oval:org.secpod.oval:def:1901944 An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. oval:org.secpod.oval:def:1901943 libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted HEVC data. oval:org.secpod.oval:def:705011 neovim: heavily refactored vim fork Neovim could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:705012 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim. oval:org.secpod.oval:def:68051 glib2.0: GLib Input, Output and Streaming Library GLib did not properly restrict directory and file permissions. oval:org.secpod.oval:def:1900408 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function inImfHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:1900404 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function inImfZip.cpp could cause the application to crash. oval:org.secpod.oval:def:1902125 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. oval:org.secpod.oval:def:1902127 In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. oval:org.secpod.oval:def:1902123 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements . T ... oval:org.secpod.oval:def:1902122 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements , aka Magellan. oval:org.secpod.oval:def:704971 freerdp: RDP client for Windows Terminal Services Details: USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10. Original advisory Several security issues were fixed in FreeRDP. oval:org.secpod.oval:def:1901072 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming. oval:org.secpod.oval:def:54577 wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic. oval:org.secpod.oval:def:1901153 Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an ap ... oval:org.secpod.oval:def:1900145 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1901811 There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900798 Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thun ... oval:org.secpod.oval:def:1900922 Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, an ... oval:org.secpod.oval:def:1900076 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.38 and prior and5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of th ... oval:org.secpod.oval:def:1900041 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1900050 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior,5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:1901316 Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thun ... oval:org.secpod.oval:def:50600 Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. oval:org.secpod.oval:def:1900163 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1902113 An error within the "parse_tiff_ifd" function in LibRaw versions before 0.18.2 can be exploited to corrupt memory. oval:org.secpod.oval:def:1901260 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1900159 An issue was discovered in libjpeg 9a. The get_text_gray_row function inrdppm.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900120 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent a ... oval:org.secpod.oval:def:1901839 An error within the "LibRaw::xtrans_interpolate" function in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. oval:org.secpod.oval:def:1900721 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su ... oval:org.secpod.oval:def:1900737 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ... oval:org.secpod.oval:def:1900795 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1900953 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1900934 Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th ... oval:org.secpod.oval:def:1901165 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of t ... oval:org.secpod.oval:def:1900070 An issue was discovered in libjpeg 9a. The get_text_rgb_row function inrdppm.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900224 When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22,8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by th ... oval:org.secpod.oval:def:1901337 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Su ... oval:org.secpod.oval:def:1901503 Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, an ... oval:org.secpod.oval:def:1901277 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:1901048 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1902114 An error related to the "LibRaw::panasonic_load_raw" function in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. oval:org.secpod.oval:def:1901263 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:1901066 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ... oval:org.secpod.oval:def:1900116 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:1900320 RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. oval:org.secpod.oval:def:1900147 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior,5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise My ... oval:org.secpod.oval:def:1901486 Vulnerability in the MySQL Client component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis ... oval:org.secpod.oval:def:1901004 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su ... oval:org.secpod.oval:def:1900395 Integer overflow in io-ico.c in libgdk-pixbuf2.0-dev allows context-dependent attackers to cause a denial of service via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. oval:org.secpod.oval:def:1901807 device_tree: heap buffer overflow while loading device tree blob oval:org.secpod.oval:def:1900717 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1900319 RubyGems version 2.6.12 and earlier fails to validate specification names,allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. oval:org.secpod.oval:def:704432 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:704433 python-django: High-level Python web development framework Django could be made to expose spoofed information over the network. oval:org.secpod.oval:def:704439 php-pear: PHP Extension and Application Repository XXX FILL ME IN: Summary for regular users XXX XXX LOCAL TEMPLATES XXX PEAR could be made to run programs if it processed a specially crafted file. oval:org.secpod.oval:def:704437 systemd: system and service manager Several security issues were fixed in systemd. oval:org.secpod.oval:def:704421 cups: Common UNIX Printing System CUPS could be made to expose sensitive information. oval:org.secpod.oval:def:704423 poppler: PDF rendering library Details: USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3837-1 introduced a regression in poppler. oval:org.secpod.oval:def:704425 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704417 ghostscript: PostScript and PDF interpreter Details: USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory USN-3831-1 introduced a regression in Ghostscript. oval:org.secpod.oval:def:704419 wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack. oval:org.secpod.oval:def:704400 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:1900063 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server exe ... oval:org.secpod.oval:def:1900066 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise M ... oval:org.secpod.oval:def:704406 libssh: A tiny C SSH library Details: USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory USN-3795-1 and USN-3795-2 introduced a regression in libssh. oval:org.secpod.oval:def:704407 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:1900096 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:1900222 A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server,could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-client-gtk versions through 0.34are ... oval:org.secpod.oval:def:1900446 The make_available_at_least function in io-libtiff-tools.c in libgdk-pixbuf2.0-dev allows context-dependent attackers to cause a denial of service via a large libtiff-tools file. oval:org.secpod.oval:def:1900037 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:704398 firefox: Mozilla Open Source web browser Details: USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3801-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:704383 libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack. oval:org.secpod.oval:def:704384 gettext: GNU Internationalization utilities gettext could be made to execute arbitrary code if it received a specially crafted message. oval:org.secpod.oval:def:704381 nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx. oval:org.secpod.oval:def:704372 ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704373 systemd: system and service manager systemd-networkd could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704371 network-manager: Network connection manager NetworkManager could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1900409 Integer underflow in the load_resources function in io-icns.c in libgdk-pixbuf2.0-dev allows context-dependent attackers to cause a denial of service via a crafted image entry size in anICO file. oval:org.secpod.oval:def:704365 libssh: A tiny C SSH library Details: USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Original advisory libssh could allow unintended access to network services. oval:org.secpod.oval:def:704366 requests: elegant and simple HTTP library for Python Details: USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:704367 paramiko: Python SSH2 library Details: USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory Paramiko could allow unintended access to network services. oval:org.secpod.oval:def:704362 texlive-bin: TeX Live: path search library for TeX Details: USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 Original advisory Several security issues were fixed in Tex Live. oval:org.secpod.oval:def:704364 net-snmp: SNMP server and applications Details: USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 18.10. Original advisory Net-SNMP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704369 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:1901095 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1901496 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. oval:org.secpod.oval:def:704941 postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1901676 GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may re ... oval:org.secpod.oval:def:1901684 GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. oval:org.secpod.oval:def:1900117 In Liblibtiff-tools 4.0.9, there is a NULL pointer dereference in the libtiff-toolsWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by libtiff-tools set. oval:org.secpod.oval:def:1900140 NULL pointer dereference in several CMS functions result ing in a denial of service oval:org.secpod.oval:def:1901473 Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. oval:org.secpod.oval:def:50270 scp client spoofing via stderr oval:org.secpod.oval:def:50267 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. oval:org.secpod.oval:def:50268 scp client missing received object name validation oval:org.secpod.oval:def:1900985 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ... oval:org.secpod.oval:def:1900757 An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. oval:org.secpod.oval:def:1900725 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1901806 An out-of-bounds heap read condition when scanning PE files oval:org.secpod.oval:def:1901808 Buffer overflow vulnerability oval:org.secpod.oval:def:1901854 libxslt1-dev through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:704499 systemd: system and service manager systemd could be made to crash if it received specially a crafted D-Bus message. oval:org.secpod.oval:def:704493 python-django: High-level Python web development framework Django could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:704494 snapd: Daemon and tooling that enable snap packages snapd could be made to run programs as an administrator. oval:org.secpod.oval:def:704490 libarchive: Library to read/write archive files Several security issues were fixed in libarchive. oval:org.secpod.oval:def:704492 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:1900776 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. oval:org.secpod.oval:def:704487 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704489 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:704485 dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network. oval:org.secpod.oval:def:704475 avahi: Avahi IPv4LL network address configuration daemon Several security issues were fixed in Avahi. oval:org.secpod.oval:def:704473 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704474 libvncserver: vnc server library Several security issues were fixed in LibVNCServer. oval:org.secpod.oval:def:704468 spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704450 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704451 mysql-5.7: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704452 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704440 libcaca: text mode graphics utilities Several security issues were fixed in libcaca. oval:org.secpod.oval:def:704441 libarchive: Library to read/write archive files Several security issues were fixed in libarchive. oval:org.secpod.oval:def:704447 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704448 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704449 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages. oval:org.secpod.oval:def:1901803 An out-of-bounds heap read condition when scanning PDF documents oval:org.secpod.oval:def:1901804 An out-of-bounds heap write condition when scanning OLE2 files oval:org.secpod.oval:def:704660 libgd2: GD Graphics Library Several security issues were fixed in GD. oval:org.secpod.oval:def:704651 ghostscript: PostScript and PDF interpreter Details: USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory USN-3866-2 introduced a regressi ... oval:org.secpod.oval:def:704652 ldb: LDAP-like embedded database - tools LDB could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704654 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704655 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704657 openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network. oval:org.secpod.oval:def:704899 libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:704658 nss: Network Security Service library NSS could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704882 systemd: system and service manager The systemd PAM module could be used to gain additional PolicyKit privileges. oval:org.secpod.oval:def:704883 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:704880 lua5.3: Simple, extensible, embeddable programming language Lua could be made to crash if it received a specially crafted script. oval:org.secpod.oval:def:704881 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:704888 rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist rssh could be made to run arbitrary commands if it received specially crafted input. oval:org.secpod.oval:def:704889 ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:1900077 A NULL pointer dereference in the function _libtiff-tools memcmp at tif_unix.c in Liblibtiff-tools 4.0.9 allows an attacker to cause a denial-of-service through a crafted libtiff-tools file. This vulnerability can be triggered by the executable libtiff-tool scp. oval:org.secpod.oval:def:704877 advancecomp: collection of recompression utilities AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704878 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations. oval:org.secpod.oval:def:1901135 do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. oval:org.secpod.oval:def:704861 dovecot: IMAP and POP3 email server Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:1900040 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file"s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This als ... oval:org.secpod.oval:def:704853 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704855 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox. oval:org.secpod.oval:def:704856 gpac: GPAC Project on Advanced Content GPAC could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704842 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704845 xmltooling: C++ XML parsing library with encryption support xmltooling could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704836 snapd: Daemon and tooling that enable snap packages An intended access restriction in snapd could be bypassed by strict mode snaps on 64 bit architectures. oval:org.secpod.oval:def:704838 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704834 ntfs-3g: read/write NTFS driver for FUSE NTFS-3G could be made to crash or potentially run programs as an administrator if executed with specially crafted arguments. oval:org.secpod.oval:def:704824 libvirt: Libvirt virtualization toolkit libvirt could be made to crash under certain conditions. oval:org.secpod.oval:def:704827 file: Tool to determine file types Several security issues were fixed in file. oval:org.secpod.oval:def:704822 walinuxagent: Windows Azure Linux Agent WALinuxAgent could be made to expose sensitive information. oval:org.secpod.oval:def:1901181 do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. oval:org.secpod.oval:def:704805 openssh: secure shell for secure access to remote machines Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory One of the fixes in USN-3885-1 was incomplete. oval:org.secpod.oval:def:1900685 An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. oval:org.secpod.oval:def:1901787 In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small oval:org.secpod.oval:def:1900026 The GD Graphics Library 2.2.5 has a double free in thegdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE:PHP is unaffected. oval:org.secpod.oval:def:1901120 0-byte record padding oracle oval:org.secpod.oval:def:1900006 rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command vulnerability in allow scppermission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allow scp permission. oval:org.secpod.oval:def:1900007 The libtiff-toolsFdOpen function in tif_unix.c in Liblibtiff-tools 4.0.10 has a memory leak,as demonstrated by pal2rgb. oval:org.secpod.oval:def:1900480 libical-dev 1.0 allows remote attackers to cause a denial of service via a crafted ics file. oval:org.secpod.oval:def:1900014 Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, result ing in the execution of arbitrary shell commands. oval:org.secpod.oval:def:1901708 XML parser class fails to trap exceptions on malformed XML declaration oval:org.secpod.oval:def:50592 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribu ... oval:org.secpod.oval:def:1901754 [Escape sequence injection vulnerability in verbose] oval:org.secpod.oval:def:1901515 In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. oval:org.secpod.oval:def:1901756 [Escape sequence injection vulnerability in API response handling] oval:org.secpod.oval:def:1901760 [Delete directory using symlink when decompressing tar] oval:org.secpod.oval:def:1901739 [Escape sequence injection vulnerability in gem owner] oval:org.secpod.oval:def:1901742 [Installing a malicious gem may lead to arbitrary code execution] oval:org.secpod.oval:def:1901745 [Escape sequence injection vulnerability in errors] oval:org.secpod.oval:def:1900823 GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. oval:org.secpod.oval:def:1900827 In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. oval:org.secpod.oval:def:704501 ghostscript: PostScript and PDF interpreter Details: USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory USN-3866-1 introduced a regression in Ghostscript. oval:org.secpod.oval:def:1901079 GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. oval:org.secpod.oval:def:1900114 In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp may suffer from a denial of service caused by an integer overflow via a crafted PSD image file. oval:org.secpod.oval:def:704916 tcpflow: TCP flow recorder tcpflow could be made to crash or expose sensitive information over the network if it opened a specially crafted file or received specially crafted network traffic. oval:org.secpod.oval:def:704917 bind9: Internet Domain Name Server Bind could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:704902 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox ... oval:org.secpod.oval:def:704903 ntfs-3g: read/write NTFS driver for FUSE Details: USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. Original advisory A hardening measure was added to NTFS-3G. oval:org.secpod.oval:def:1900144 In libpoppler-dev 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extract PDFSubtype processing. oval:org.secpod.oval:def:1900143 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile1 1.0.28 that will cause a denial of service. oval:org.secpod.oval:def:1900149 keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes result ing in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. oval:org.secpod.oval:def:1900123 An issue was discovered in libsndfile1 1.0.28. There is a NULL pointerdereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. oval:org.secpod.oval:def:1900130 An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2a law_array in a law.c that will lead to a denial of service. oval:org.secpod.oval:def:1900137 In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service caused by an integer overflow via a crafted PSD image file. oval:org.secpod.oval:def:1901816 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. oval:org.secpod.oval:def:1901822 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. oval:org.secpod.oval:def:1901817 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. oval:org.secpod.oval:def:1900794 In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. oval:org.secpod.oval:def:1902089 dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1902084 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service or possibly have unspecified other impact because it tries to decompress twice. oval:org.secpod.oval:def:1902085 Divide-by-zero vulnerabilities in the function arlib_add_symbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. oval:org.secpod.oval:def:1902099 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. oval:org.secpod.oval:def:1902095 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. oval:org.secpod.oval:def:1902096 A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. oval:org.secpod.oval:def:1902068 An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service with a crafted ELF file, as demonstrated by consider_notes. oval:org.secpod.oval:def:1902063 libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. oval:org.secpod.oval:def:1902070 An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a d ... oval:org.secpod.oval:def:1900071 An issue was discovered in libpoppler-dev 0.71.0. There is a memory leak inGfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftolibcairo2-dev. oval:org.secpod.oval:def:1900042 In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. oval:org.secpod.oval:def:1900044 An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. oval:org.secpod.oval:def:1900058 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. oval:org.secpod.oval:def:1902043 AdminURLFieldWidget XSS oval:org.secpod.oval:def:1900088 In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service via a crafted PNG file. oval:org.secpod.oval:def:1902024 It was discovered the fix for CVE-2018-19758 was not complete and still allows a read beyond the limits of a buffer in wav_write_header function in wav.c. A local attacker may use this flaw to make the application crash. oval:org.secpod.oval:def:1901170 The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of ... oval:org.secpod.oval:def:1902037 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. oval:org.secpod.oval:def:1902036 An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn"t support that option , an authenticated user may block ... oval:org.secpod.oval:def:1902034 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. oval:org.secpod.oval:def:704814 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:1900090 corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. oval:org.secpod.oval:def:1900696 In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. oval:org.secpod.oval:def:1901355 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. oval:org.secpod.oval:def:1901107 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. oval:org.secpod.oval:def:705050 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:705049 znc: advanced modular IRC bouncer znc could be made to crash or run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:705036 policykit-desktop-privileges: run common desktop actions without password A security improvement has been made to policykit-desktop-privileges. oval:org.secpod.oval:def:705038 neutron: OpenStack Virtual Network Service A system hardening measure could be bypassed. oval:org.secpod.oval:def:1901702 Jann Horn identified a problem in current versions of libseccomp-dev where the library did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators . oval:org.secpod.oval:def:705010 dbus: simple interprocess messaging system DBus could allow unintended access to services. oval:org.secpod.oval:def:705013 firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. W ... oval:org.secpod.oval:def:1901755 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find located at Dict.cc, which can be triggered by passing a crafted pdf file to the pdfunite binary. oval:org.secpod.oval:def:1901762 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. oval:org.secpod.oval:def:1901761 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. oval:org.secpod.oval:def:705007 glib2.0: GLib library of C routines GLib could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:705009 elfutils: collection of utilities to handle ELF objects Several security issues were fixed in elfutils. oval:org.secpod.oval:def:1901744 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. oval:org.secpod.oval:def:1900896 An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. oval:org.secpod.oval:def:1901743 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. oval:org.secpod.oval:def:1901913 A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. oval:org.secpod.oval:def:1901910 An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds r ... oval:org.secpod.oval:def:704993 db5.3: Berkeley DB Utilities Berkeley DB could be made to expose sensitive information. oval:org.secpod.oval:def:704999 firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3991-1 caused a regr ... oval:org.secpod.oval:def:1902102 Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. oval:org.secpod.oval:def:1900165 In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImagefunction of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. oval:org.secpod.oval:def:704980 qtbase-opensource-src: Qt 5 libraries Several security issues were fixed in Qt. oval:org.secpod.oval:def:1902107 An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of ... oval:org.secpod.oval:def:1902106 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service because ebl_core_note does not reject malformed core file notes. oval:org.secpod.oval:def:1900161 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. oval:org.secpod.oval:def:704970 keepalived: Failover and monitoring daemon for LVS clusters Keepalived could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1902111 An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. oval:org.secpod.oval:def:704975 libseccomp: library for working with the Linux seccomp filter libseccomp could allow unintended access to system calls. oval:org.secpod.oval:def:704960 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1901078 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. oval:org.secpod.oval:def:704952 wireshark: network traffic analyzer Wireshark could be made to crash if it received specially crafted network traffic or input files. oval:org.secpod.oval:def:704955 libraw: raw image decoder library Several security issues were fixed in LibRaw. oval:org.secpod.oval:def:704944 samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services. oval:org.secpod.oval:def:704934 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1900102 The DGifDecompressLine function in dgif_lib.c in libgif-dev , as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->Running Code - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900093 ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. oval:org.secpod.oval:def:1900459 Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in libgif-dev 5.1.2 allows remote attackers to cause a denial of service via the background color index in a GIF file. oval:org.secpod.oval:def:1901963 Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a mount via rename which could result in local privilege escalation. Mounting via rename could potentially lead to a file being placed elsewhereon the filesystem hierarchy if the directory being cleaned up was on the same physica ... oval:org.secpod.oval:def:1901765 [HTTP/2 DoS] oval:org.secpod.oval:def:1902088 A NULL pointer dereference was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. oval:org.secpod.oval:def:1902086 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name, d_encoding, and d_local_name in cp-demangle.c. Remote attackers could leverage this vulnerability to c ... oval:org.secpod.oval:def:1902069 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. oval:org.secpod.oval:def:1902066 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual and cplus_demangle_type in cp-demangle.c. Remote attackers could leverage this vulnerability ... oval:org.secpod.oval:def:1902062 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many "P" characters. oval:org.secpod.oval:def:1902061 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. oval:org.secpod.oval:def:1902060 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_funct ... oval:org.secpod.oval:def:1902076 demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. oval:org.secpod.oval:def:1901163 ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. oval:org.secpod.oval:def:1900052 Input validation issue result ing in a denial of service oval:org.secpod.oval:def:1901967 An issue was discovered in GNU libiberty-dev, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. oval:org.secpod.oval:def:1901969 An issue was discovered in GNU libiberty-dev, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. oval:org.secpod.oval:def:1901928 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. oval:org.secpod.oval:def:1900454 saned in libsane-dev 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. oval:org.secpod.oval:def:1900401 An issue was discovered in apng2gif 1.7. There is an integer overflow result ing in a heap-based buffer over-read, related to the load_a pngfunction and the imagesize variable. oval:org.secpod.oval:def:1901898 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl ... oval:org.secpod.oval:def:1901899 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t ... oval:org.secpod.oval:def:1900126 GNU libextractor-dev through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. oval:org.secpod.oval:def:1900986 An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range arg ... oval:org.secpod.oval:def:1900991 An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when th ... oval:org.secpod.oval:def:1900966 An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnupl ... oval:org.secpod.oval:def:1901871 A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. oval:org.secpod.oval:def:1900068 GNU libextractor-dev through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata in plugins/ole2_extractor.c. oval:org.secpod.oval:def:1902015 libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. oval:org.secpod.oval:def:704854 libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache Several security issues were fixed in mod_auth_mellon. oval:org.secpod.oval:def:1901302 [Unknown description] oval:org.secpod.oval:def:1900018 The Debian python-python-rdflib-tools 4.2.2-1 package for python-rdflib 4.2.2 has CLItools that can load Python modules from the current working directory,allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scr ... oval:org.secpod.oval:def:1901906 [Unknown description] oval:org.secpod.oval:def:1901905 [Unknown description] oval:org.secpod.oval:def:1901907 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS ... oval:org.secpod.oval:def:1901901 [Unknown description] oval:org.secpod.oval:def:1901904 [Unknown description] oval:org.secpod.oval:def:1901903 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto ... oval:org.secpod.oval:def:705816 gst-plugins-base1.0: GStreamer plugins - gst-plugins-base0.10: GStreamer plugins GStreamer Base Plugins could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:705817 evince: Document viewer Evince could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:705813 mysql-5.7: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:1900035 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:50591 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system ba ... oval:org.secpod.oval:def:1902109 A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Me ... oval:org.secpod.oval:def:1901675 Directory Traversal vulnerability in salt-common-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. oval:org.secpod.oval:def:1901680 SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-common-api. oval:org.secpod.oval:def:704820 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704442 haproxy: fast and reliable load balancing reverse proxy Several security issues were fixed in HAProxy. oval:org.secpod.oval:def:1901106 In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. oval:org.secpod.oval:def:1902120 In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. oval:org.secpod.oval:def:1901789 In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. oval:org.secpod.oval:def:1901129 A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle-dev handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases ... oval:org.secpod.oval:def:1900125 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread clean ing up that in colibming-dev data. This affects only HTTP/2 connections. oval:org.secpod.oval:def:54093 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:1900079 In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. oval:org.secpod.oval:def:1901777 mod_auth_digest access control bypass oval:org.secpod.oval:def:1901779 mod_http2, read-after-free on a string compare oval:org.secpod.oval:def:1901778 Apache HTTP Server privilege escalation from modules" scripts oval:org.secpod.oval:def:1901780 mod_http2, possible crash on late upgrade oval:org.secpod.oval:def:1901781 Apache httpd URL normalization inconsistincy oval:org.secpod.oval:def:1901444 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ... oval:org.secpod.oval:def:704472 openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Java applets or applications could be made to expose sensitive information. oval:org.secpod.oval:def:1900703 libvirt0 version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. oval:org.secpod.oval:def:704874 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:705057 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:1901934 [Crafted null dereference attack in authenticated mode 6 packet] oval:org.secpod.oval:def:704399 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:704368 openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:704940 openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:704418 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1901874 Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e in the image path as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. oval:org.secpod.oval:def:50662 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ... oval:org.secpod.oval:def:705056 docker.io: Linux container runtime Docker could be made to overwrite files as the administrator. oval:org.secpod.oval:def:704837 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:1901815 An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard librar ... oval:org.secpod.oval:def:1900768 When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. oval:org.secpod.oval:def:704434 exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2. oval:org.secpod.oval:def:1901438 In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. oval:org.secpod.oval:def:1902098 A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. oval:org.secpod.oval:def:1902094 Exposed suppressed username or log in Special:EditTags. oval:org.secpod.oval:def:1902097 Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table. oval:org.secpod.oval:def:1900038 Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman keyexchange, ... oval:org.secpod.oval:def:1901991 In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. oval:org.secpod.oval:def:1901982 In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. oval:org.secpod.oval:def:1901986 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. oval:org.secpod.oval:def:1901988 In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. oval:org.secpod.oval:def:1902103 Exposed suppressed log in RevisionDelete page. oval:org.secpod.oval:def:1902105 Privileged API responses that include whether a recent change has been patrolled may be cached publicly. oval:org.secpod.oval:def:1902104 It is possible to bypass the limits on IP range blocks by using the API. oval:org.secpod.oval:def:1902101 Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover. oval:org.secpod.oval:def:1902100 An account can be logged out without using a token oval:org.secpod.oval:def:1902108 Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users" loading that script. oval:org.secpod.oval:def:1901383 The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-201 ... oval:org.secpod.oval:def:1900805 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. oval:org.secpod.oval:def:1901278 Expat allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. oval:org.secpod.oval:def:1900108 In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x360x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails.Remote attack ... oval:org.secpod.oval:def:1901193 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. oval:org.secpod.oval:def:1900084 In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901561 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. oval:org.secpod.oval:def:1901753 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. oval:org.secpod.oval:def:1901766 In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. oval:org.secpod.oval:def:1900170 There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.cin GraphicsMagick before 1.3.31. oval:org.secpod.oval:def:704488 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704482 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:68052 zeromq3: lightweight messaging kernel ZeroMQ could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:50967 In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. oval:org.secpod.oval:def:705017 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - li ... oval:org.secpod.oval:def:704410 linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704409 linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704868 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ... oval:org.secpod.oval:def:704809 linux: Linux kernel - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1901995 An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. oval:org.secpod.oval:def:1902136 Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service. oval:org.secpod.oval:def:704951 libvirt: Libvirt virtualization toolkit Several issues were addressed in libvirt. oval:org.secpod.oval:def:704959 intel-microcode: Processor microcode for Intel CPUs Details: USN-3977-1 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry ... oval:org.secpod.oval:def:704946 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ... oval:org.secpod.oval:def:704947 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:704948 qemu: Machine emulator and virtualizer Several issues were addressed in QEMU. oval:org.secpod.oval:def:1901505 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:704992 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 A system hardening measure could be bypassed. oval:org.secpod.oval:def:1901688 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. oval:org.secpod.oval:def:704912 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901894 Heap-buffer-overflow in exif_iif_add_value in EXIF oval:org.secpod.oval:def:1901893 Heap-buffer-overflow in php_ifd_get32s oval:org.secpod.oval:def:1901698 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. oval:org.secpod.oval:def:1901693 ** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happ ... oval:org.secpod.oval:def:1902044 heap-buffer-overflow on php_jpg_get16 oval:org.secpod.oval:def:1902040 Out-of-bounds read in iconv.c:_php_iconv_mime_decode due to integer overflow oval:org.secpod.oval:def:704846 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901536 memory-based DoS in libtiff-tools2bw oval:org.secpod.oval:def:1901711 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. oval:org.secpod.oval:def:1901713 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ... oval:org.secpod.oval:def:1901966 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. oval:org.secpod.oval:def:1901700 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. oval:org.secpod.oval:def:704995 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901824 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. oval:org.secpod.oval:def:1901285 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. oval:org.secpod.oval:def:704998 jinja2: small but fast and easy to use stand-alone template engine Several security issues were fixed in Jinja2. oval:org.secpod.oval:def:704926 libpng1.6: PNG file library libpng be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1900013 An issue was discovered in NumPy 1.16.0 and earlier. It uses the picklePython module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. oval:org.secpod.oval:def:1901979 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. oval:org.secpod.oval:def:1901902 png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute. oval:org.secpod.oval:def:704972 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704956 python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3. oval:org.secpod.oval:def:704957 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704839 libsolv: A dependency solver using a satisfiablility algorithm Libzip could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:1900150 GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used. oval:org.secpod.oval:def:1900119 A stack-based buffer overflow in psf_memset in common.c in libsndfile11.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.The vulnerability can be triggered by the executable sndfile-deinterleave. oval:org.secpod.oval:def:1900314 The function d2a law_array in a law.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14245. oval:org.secpod.oval:def:1900267 An out of bounds read in the function d2ulaw_array in ulaw.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:1900273 An out of bounds read in the function d2a law_array in a law.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:1900256 In libsndfile1 1.0.28, a divide-by-zero error exists in the function double64_init in double64.c, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:705008 libsndfile: Library for reading/writing audio files Several security issues were fixed in libsndfile. oval:org.secpod.oval:def:1901241 TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. oval:org.secpod.oval:def:1900965 Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunde ... oval:org.secpod.oval:def:704430 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 T ... oval:org.secpod.oval:def:704393 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash or run programs as an adminis ... oval:org.secpod.oval:def:1901002 In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding , `Buffer#write` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input byt ... oval:org.secpod.oval:def:1901008 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. oval:org.secpod.oval:def:1901453 All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where obje ... oval:org.secpod.oval:def:1901831 NULL pointer dereference using a specially crafted X509 certificate oval:org.secpod.oval:def:1901833 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorre ... oval:org.secpod.oval:def:1900750 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers , and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ... oval:org.secpod.oval:def:1901770 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call. oval:org.secpod.oval:def:1901335 Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of No ... oval:org.secpod.oval:def:705076 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1901767 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This ... oval:org.secpod.oval:def:1900816 Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to ma ... oval:org.secpod.oval:def:1901493 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" protocol . If security deci ... oval:org.secpod.oval:def:1901123 common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901841 ** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access t ... oval:org.secpod.oval:def:1900806 swt/motif/browser.c in White_dune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1900380 The cr_input_new_from_uri function in cr-input.c in libcroco3-dev 0.6.11 and0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:1900390 The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco3-dev 0.6.12 allow sremote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:1900970 ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco3-dev 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a c ... oval:org.secpod.oval:def:1900403 The cr_parser_parse_selector_core function in cr-parser.c in libcroco3-dev0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. |